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Study guide 


This chapter is best studied in the following four 
sessions. 


Study session 1: Sections 1 and 2. 
Study session 2: Section 3. 
Study session 3: Section 4. 
Study session 4: Section 5. 


The first two sessions are longer than the other 
two, the last of which is based on Mathcad. 
Subsection 3.4 will not be assessed. 


If you prefer a short first session, then note that 
Section 2 may be studied at any time after 
Section 1. Also note that, although the Mathcad 
activities have been presented at the end of the 
chapter, there are margin notes throughout the 
earlier sections suggesting other appropriate 
points at which to try them, 


Throughout this chapter there is a lot of 
arithmetic for you to do and for you to check (if 
you wish to). So make sure that your calculator is 
to hand whenever you work on the chapter. Of 
course, you may prefer to do arithmetic with the 
aid of Mathcad (when this is convenient). 


This chapter contains a number of formally stated 
results and their proofs. It is not intended that 
you should be able to construct such proofs for 
yourself, but you should aim to work through as 
many as you can. Make a serious effort to 
understand each proof, but do so within a 
timetable which ensures that you complete your 
study of the chapter in a reasonable time. 


The optional Video Band D(iii), Algebra 
workout — Modular arithmetic, could be 
viewed at any stage during your study of 
this chapter. 
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Introduction 


In this chapter we return to basics and look more closely at the positive 
integers 1,2,3,..., and their properties. The careful study of these 
numbers goes back at least to the Ancient Babylonians who knew, for 
example, how to find triples of positive integers x, y and z, such that 


rt+y=2’. 
But it was the Ancient Greeks who made the first serious development of 
what is now called number theory. For example, Euclid studied the prime 
numbers 


2,3, 5,7, 11, 13, 17, 19, 23, 29, 31, 37,41,..., 


those positive integers which cannot be expressed as a product of smaller 
factors and showed, by an ingenious argument, that there are infinitely 
many such numbers. On the other hand, Euclid seems to have taken for 
granted that every positive integer greater than 1 has a unique prime 
factorisation; that is, it can be expressed as a product of prime numbers in 
only one way (apart from the order of the prime numbers). Though true, 
this fact is not at all obvious! 


After the Ancient Greeks, there was little work done on number theory in 
the western world until the 17th Century when the French amateur 
mathematician P. de Fermat took up the subject and discovered many 
results which now form its foundations, Unfortunately, Fermat published 
few proofs and it was left to his successors, L. Euler and C. F. Gauss, to 
establish these foundations securely, and develop the subject further. 
However, Fermat's influence continues to be felt, partly because he left 
later generations of mathematicians one of their most challenging 
problems: 


Do there exist positive integers x, y, z and n, with n > 3, such that 


zy? = 27 


This was finally answered in 1994, after many earlier attempts. 


Number theory abounds with tantalising problems of this type, which are 
studied for their own intrinsic interest, with no view to applications. This 
does not mean that the subject is without applications, though the English 
mathematician G. H. Hardy clearly felt that there were none when he 
wrote: 


If the theory of numbers could be employed for any practical and 
obviously honourable purpose, if it could be turned directly to the 
furtherance of human happiness or the relief of human suffering, as 
physiology and even chemistry can, then surely neither Gauss nor any 
other mathematician would be so foolish as to decry or regret such 
applications. But science works for evil as well as for good (and 
particularly, of course, in time of war); and both Gauss and lesser 
mathematicians may be justified in rejoicing that there is one science 
at any rate, and that their own, whose very remoteness from ordinary 
human activities should keep it gentle and clean. 


In this chapter you will meet some of the basic techniques used in number 
theory. In particular you will encounter a theorem of Fermat’s about prime 
numbers which Hardy would have regarded as elegant but essentially 


For example, 


3744? = 5 


and 
5? + 12? = 137. 


Tt is conventional not to 
include 1 as a prime number. 


For example, Gauss was the 
first to publish a proof of the 
above result on unique prime 
factorisation. 


See Subsection 3.4. 


From Hardy, G. H. (1940) 
A Mathematician's Apology, 
Cambridge, Cambridge 
University Press. 
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trivial, and you will see that this ‘trivial’ theorem has turned out to have 
fundamental applications in the very practical area of cryptography! 


In order to feel confident about the truth of such theorems and their 
applications, it is essential that clear reasoning is used to justify them. 
You will find that this chapter includes a larger number of results and 
their proofs than earlier ones, and this makes it somewhat more abstract. 


The results in the chapter have been labelled with the usual names found 

in mathematics texts: 

© a theorem is a key result, or list of key results; 

© alemma is a minor result, usually preparing the way for a theorem; 

© acorollary is a straightforward consequence of a theorem, often a 
special case of it. 

Strictly speaking, there is no formal difference between these types of 

results — they could all be called theorems. The names have been chosen 

to give some indication of the relationship between, and relative 

importance of, the results. They might have been chosen differently by a 

different author. 


Finally, note that in this chapter we shall not discuss the general topic of 
‘methods of proof’. This will be tackled in Chapter D4. 


1 Congruence 


1.1 Division 


At an early age we learn how to divide one positive integer by another to 
obtain a quotient and a remainder. For example, 32 divided by 5 gives 
quotient 6 and remainder 2, because 32 = 6 x 5 +2. In general, if we 
divide any positive integer by 5, then the remainder will be one of the 
numbers 0, 1, 2, 3, 4. 


Occasionally, we shall need to divide a negative integer by a positive 
integer. You might guess that, since —-32 = —6 x 5 — 2, the quotient would 
be —6 and the remainder —2. However, when studying the properties of 
integers it is more convenient to insist that the remainder on division by 5 
is always one of the numbers 0, 1, 2, 3, 4. With this preference in mind, we 
can write 


—32=-7x5+3 
to give the quotient —7 and remainder 3. 


Experience with long division suggests that a division process of this type 
can be carried out for any given integer a and positive integer n. Since this 
is so important in what follows, we state it as our first theorem. 


Theorem 1.1 Division Algorithm 
Let a and n be integers, with n positive. Then there are unique 
integers g and r such that 


a=qn+r, with O<r<n. 


The number q is called the quotient and r is called the remainder, on 
division by n. If r = 0, then we say that a is divisible by n, and in this 
case n is called a divisor or factor of a. 


To see why this theorem is true, we mark the (integer) multiples of n on a 
number line and then observe in which of the resulting intervals of length 
n the integer a lies. Let a lie in the interval from gn to (q¢+ 1)n, as in 
Figure 1.1. 


=f T r T T T Co 
—2n —n 0 n 2n 3n sos gn (q+1)n 


Figure 1.1 


This picture should convince you that there is a unique integer q such that 

qn <a<(q4+1)n. (1.1) 
Thus, if we put r = a—qn, then a= qn+rand0<r<n, This is the 
required result. 


Theorem 1.1 describes what we shall mean by division of an integer a by a 
positive integer n. If a happens to be positive, then the quotient q and 


Strictly speaking, this 
theorem is not an algorithm, 
but ‘Division Algorithm’ is 
the traditional name for it. 


In this chapter a multiple is 
always an integer multiple. 


Here floor(x) is the greatest 
integer which is less than or 
equal to x. In most 
mathematics texts, this 
function is denoted by [z]. 


We have r=a—qn. 
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remainder 7 can be found by long division. When working with a 
calculator, however, it is convenient to rewrite (1.1) in the form 


q< - <q+1, which implies that qg= tloor(*) . 


For example, if a = 1000 and n = 13, then 


q= floor( 5") = floor(76.92...) = 76, 
80. 
r = 1000 — 76 x 13 = 1000 — 988 = 12. 
This method also works if a is negative. For example, if a = —1000 and 
n= 13, then 
q= floor") = floor(—76.92...) = —77, 
80 


r = —1000 — (—77) x 13 = —1000 + 1001 = 1. 


Activity 1,1 Practising division 


For each of the following integers a and n, find the quotient and remainder 
on division of a by n. 


(a) a=77,n=9 

(b) a= —100, n=11 

(c) a = 987654321,n=8 
Solutions are given on page 42. 


Activity 1.2 Sharing remainders 


Draw a number line and mark on it all the integers between —9 and 9 
which give remainder 1 on division by 3. What pattern do you notice? 


Comment 


bd (Ee RET PS ES Tie ena pa Taipei a ee 
-9 -8 -7 -6 -5 -4 -3 -2-1 0 1 2 3 4 5 6 7 8 9 


Figure 1.2 


These numbers are evenly spaced, their differences being multiples of 3. 
Notice that they include 1, since 1 = 0 x 3+ 1. 


1.2 Congruences and their properties 


Suppose that is a positive integer. The outcome of Activity 1.2 suggests 
that the following assertions about two integers a and b are closely related: 


(1) a and b have the same remainder on division by n; 
(2) a and b differ by a multiple of n. 
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Tn fact these assertions are equivalent to each other, in the sense that if (1) 
is true then (2) is true and, conversely, if (2) is true then (1) is true, 


For example, suppose that (1) is true. Then, by the Division Algorithm, 
a=pn+r and b=qn+r, 

where p and q are quotients and r is the common remainder. Thus 
a—b=(pn+r)—(qnt+r) =(p—q)n, 

so a and b do indeed differ by a multiple of n; that is, (2) is true. We now 


ask you to try and prove the converse result that if (2) is true then (1) is 
true, 


‘Activity 1.3. A proof 


Prove that if (2) is true, then (1) is true. 


(One approach is to assume that a has remainder r on division by n, and 
use the fact that a —b is a multiple of n to deduce that b also has 
remainder r on division by n.) 


A solution is given on page 42. 


Since integers with the same remainder on division by n are so closely 
related in this way, it is useful to introduce the following terminology and 
notation, This was invented by the great German mathematician 

C, F. Gauss and appeared in his book Disquisitiones Arithmeticae (1801), 
where he laid the foundations of modern number theory. 


Definition 
Let n be a positive integer. Two integers a and b are congruent, 
modulo n if a — 6 is a multiple of n; that is, if a and b have the same 
remainder on division by n. 
In symbols we write 

a=b(mod n). 
Such a statement is called a congruence, and n is called the 
modulus of the congruence. 


The word congruent means ‘the same’; two numbers which are congruent 
modulo n are the same, apart from multiples of n. 


For example, 
3 = 25 (mod 11), since 3 — 25 = —22 is a multiple of 11, 
and 
= —26 (mod 11), since 7 — (—26) = 33 is a multiple of 11. 


On the other hand, 12 and 8 are not congruent modulo 11, since 
12 — 8 = 4 is not a multiple of 11, In this case, we write 12 # 8 (mod 11). 


We say ‘a is congruent to b 
modulo n’. 


You have seen other meanings 
for the word ‘modulus’ in this 
course, It is important to 
interpret technical terms 
according to the current 
context. 


Tt is usually convenient to 
check a congruence by 
considering the difference 
a—b. 
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Activity 1.4 Checking congruences 


Decide which of the following congruences are true and which are false. 
(a) 7 =3 (mod 4) (b) 7=3 (mod 8) (c) 5 =—3 (mod 4) 

(d) 63 = 63 (mod 37) (e) 35 = —9 (mod 4) (f) —9 = 35 (mod 4) 
Solutions are given on page 42. 

Comment 


Notice that changing the modulus of a congruence, as in parts (a) and (b), 
may affect the truth of the congruence. 


The examples in Activity 1.4 may have suggested to you that congruences 
have various general properties, and can even be combined in certain ways. 
For example, the congruences 


7=3(mod4), 5=-—3(mod4), 35=—-9(mod 4), 
suggest that two given congruences can be ‘multiplied’ to produce a new 


congruence. Our next theorem gives a list of such basic properties of 
congruences, 


Theorem 1.2 Properties of Congruences 

Let n and k be positive integers, and a, b, c, d be integers. Then 

a) a=a(mod n); 

b) i. a=b(mod n), then b = a (mod n); 

b (mod m) and b=c (mod n), then a = c (mod n); 

(mod n) and ¢ = d (mod n), then a+e¢=b+d (mod n); 
( 

b( 


e) PE =b (mod n) and d(mod n), then ac = bd (mod n); 
mod n), then a* = b* (mod n). 


This list may look rather forbidding, but each of these six properties is 
quite simple. 


Properties (a), (b) and (c) are easy to prove; for example, the truth of 
property (c) is evident if it is rewritten as follows: if a and b have the same 
remainder on division by n, and b and ¢ also have the same remainder on 
division by n, then this is also true of a and c. This property enables us to 
string together a list of congruences with the modulus at the end: 


a=b=c(mod n). 
To prove property (d), note that if a= 6 (mod n) and e = d (mod n), then 
a—b=kn and e—d=In, (1.2) 
for some integers k and |. Adding these two equations gives 
(a—b)+(c—d)=kn+lIn; 
that is, 
(a+c) —(b+d)=(k+l)n, 
which implies that a +c =b+d (mod n), since k +1 is an integer. 
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Activity 1.5 Subtracting congruences 


Prove that if a =b (mod n) and e=d (mod n), then 


a—c=b—d(mod n). 


A solution is given on page 42. 


The proof of property (e) also follows from equations (1.2), by writing 
ac = (b+ kn)(d + In) 
= bd +n(kd + [b+ kin). 
Since kd + [b+ kln is an integer, this shows that ac — bd is a multiple of n, 
and hence that ac = bd (mod n). 
Finally, property (f) is proved by repeated application of property (e) with 
c=aand d=b. Since a=b(mod n), we deduce that 


a* = b* (mod n) and hence a* = b* (mod n), 


and so on. Thus if a = 6 (mod n), then a* = b* (mod n), for all positive 
integers k. 


It is property (f) which shows how powerful this idea of congruence can be. 
For example, consider the congruence 

71 = —1 (mod 8), 
There is nothing remarkable about this congruence, but let us now apply 
property (f) to it, with # = 1000, We deduce that 

7110 = (—1)' (mod 8); 711°" = 1 (mod 8), 
because 1000 is an even integer. Thus 71'°° has remainder 1 on division 
by 8. 


The number 71!°° is huge. It would be extremely difficult to determine its 
value and then discover its remainder on division by 8 directly, With 
property (f), however, we obtain the answer immediately. Moreover, we 
know that the remainder on division by 8 would still be 1 if we replaced 
1000 by 10000, or indeed by any even positive integer! 


that is, 


Before offering you the chance to try your hand at finding remainders of 
these ‘high-powered’ numbers, we give a slightly more complicated 
example. In this example, we want to find the remainder when 3'° js 
divided by 13. The approach we use is to calculate the remainders on 
division by 13 of the successive powers of 3, continuing until a repeating 
pattern emerges. 


We deal with the first few powers directly: 
3! = 3 (mod 13), 3° =9 (mod 13), 3° = 27 =1 (mod 13). 
Now, we repeatedly multiply by 3 and use property (e): 
3' = 3 (mod 13), 3° =9 (mod 13), 3°=1 (mod 13). 
Thus, the remainders form the repeating sequence 3,9, 1,3,9,1,..., with 


3* =1(mod 13), whenever k is a positive multiple of 3. 


Here we use 


a’ =axa 
a =axa* 
and so on, 


Certainly this number is too 
large for your calculator to 
handle. 


Although 3! = 3, 3? = 9 and 
3° = 27, it looks neater to use 
= when working with 
congruences. 


i 


You can check your answers 
to this activity by using the 
Mathead file 221D2-01, 


See Activity 1.6(c). 
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Since 999 is a multiple of 3, 
3°° = 1 (mod 13), 

and so 
3/0 = 3 (mod 13). 


Hence, 3! has remainder 3 on division by 13. 


Activity 1.6 Finding remainders by repeated multiplication 


Use repeated multiplication to find the remainder when 
(a) 2% is divided by 7; 

(b) 41° is divided by 10; 

(c) 51° is divided by 7. 


Comment 
(a) 2! =2 (mod 7), 2? =4 (mod 7), 2*=8 =1 (mod 7), so 
2* =1(mod 7), whenever k is a positive multiple of 3. 


Hence 2°° = 1 (mod 7) and so 
288 = 2% x 9? =1x4=4 (mod 7). 

Thus the remainder is 4. 

(b) 4! =4 (mod 10), 4? = 16 =6 (mod 10), 4° = 24 = 4 (mod 10), so 

4* = 4 (mod 10), whenever k is an odd positive integer. 

Hence 4°" = 4 (mod 10) and so 
4'°° = 6 (mod 10). 

Thus the remainder is 6. 


(c) 5! =5 (mod 7), 5? = 25 =4 (mod 7), 5° = 20 = 6 (mod 7), 
54 = 30 = 2 (mod 7), 5° = 10 =3 (mod 7), 5° = 15 = 1 (mod 7), so 


5* = 1 (mod 7), whenever k is a positive multiple of 6. 
Hence 5°° = 1 (mod 7) and so 
510 = 5° x 54=1 x 2=2 (mod 7). 


Thus the remainder is 2. 


In Activity 1.6(c) you may have begun to wonder whether the process of 
taking higher and higher powers will always lead to a repeating pattern of 
remainders. The answer to this question is ‘yes’. The remainders all belong 
to the same set of integers 0,1,2,...,n—1, where n is the modulus. So if 
we carry on calculating powers long enough, then eventually we obtain a 
remainder that was found earlier, and a repeating pattern must follow. 
Part (b) shows that remainder 1 does not always appear. 


The calculation of these remainders can usefully be arranged in a table of 
the following kind. 


5k [5° | 5! | 5? | 5° | 54 | 55 | 5°] 57]... | 5%]... | 519 | 
(mod 7)[1]5{4[e6]2]3lils]...[1|...] 2 | 
It helps to spot repeating patterns by including the entries for k = 0. 
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Warning 

We have made repeated use in these calculations of the fact that 

congruences can be ‘multiplied’ by an integer; that is, if a = b (mod n), 

then ca = cb (mod n). 

This is a special case of Theorem 1.2, property (e). However, congruences 

cannot, in general, be ‘divided’ by an integer; a counter-example is A counter-example is an 


ih ich sh hat 
10=6(mod 4) but 53 (mod 4). ea 


1.3 Repeated squaring 


In some applications, we need to find remainders when much larger See Section 4. 
numbers are involved. For example, even to find the remainder of 14*7 on 
division by 55, involves calculating the following remainders. 
14* Py 1S Pee fe a es Sl (esa Sl Poros Ve ell 
14* (mod 55)| 1 [14 [31] 49]...[ 9 [...[ a [...[ a [...] 9 | 


This calculation is evidently tedious, involving repeated multiplication by 
14 and then finding of remainders modulo 55. 


A more efficient method, especially for large numbers, uses the idea of 
repeated squaring. This enables us to calculate the remainders on division 
by 55 of 144, 147,144,148, .... 

14' = 14 (mod 55) 

14? = 196 (mod 55) 
31° = 961 = 26 (mod 55) 


Now, we can express 27 as the sum of powers of 2 as follows: 
27 =14+2+8+16. 
Thus 
1477 = 14! x 14? x 148 x 14° (mod 55) 
= 14 x 31 x 16 x 36 (mod 55) 


249 984 = 9 (mod 55). Alternatively, use 
A given positive integer k can always be expressed as a sum of powers of 2, 14 x 31 = 49 (mod 55), 
as follows. First find the largest power of 2, say 2”, which is less than or 49 x 16 = 14 (mod 55) 


equal to k. Then 
k=2"+k', where 0< k' < 2”. 


14 x 36 = 9 (mod 55). 


Now repeat this process with k’ instead of k, and continue until the 
remainder term is 0 or 1, For example, k = 19 gives 


19=16+3, 
so k' = 3 and 

3=2+1. 
Hence 


19=16+2+1. 


13 


You can check your answer to 
this activity using the 
Mathcad file 2212-01. 


See the solution to 
Activity 1.7. 
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Activity 1.7 Finding remainders by repeated squaring 


Use the method of repeated squaring to show that 
15'° = 25 (mod 55). 


A solution is given on page 42. 


The calculation of ‘repeated squares’ remainders can also be arranged in a 
table. 


1627 | 15! | 15? | 154 | 158 | 1546 |... 
15?" (mod 55)| 15 | 5 | 25 | 20 | 15 |... 
We shall find such tables useful in Section 4. 


Summary of Section 1 


In this section you have: 


© met the notion of congruence, which arises by considering remainders 
on division by positive integers; 
© seen how the rules for manipulating congruences make it possible to 


determine the remainders of large powers on division by positive 
integers. 


Exercises for Section 1 


Exercise 1.1 

Use repeated multiplication to find the remainder when 
(a) 4" is divided by 11; 

(b) 8° is divided by 25. 

Exercise 1.2 


Find the remainders in Exercise 1.1 using repeated squaring. 


2  Divisibility tests 


In his book Further Mathematical Diversions, Martin Gardner, the 
celebrated writer of popular mathematics, observed the following. 


A dollar bill that I have just taken from my wallet bears the serial 
number 61671142, A schoolboy could say at once that this number is 
exactly divisible by 2 but not by 5. Is it divisible [...] by 3? By 4? 
By 11? Few people, including many mathematicians, know all the 
simple rules by which large numbers can be tested quickly for 
divisibility by numbers 1 through 12. The rules were widely known 
during the Renaissance, before the invention of decimals, because of 
their usefulness in reducing large-number fractions to lowest terms. 
Even today they are handy rules for anyone to know. 


Tn this section, we use congruences to discover simple rules for finding the 
remainders when a large number, such as 61671142, is divided by any 
positive integer up to and including 13. It may already have occurred to 
you that such remainders can be found in a few steps using your 
calculator, but the rules given here can be used for much larger numbers 
(too large for the calculator to handle directly) should the need arise. 


These rules for finding remainders yield simple tests for divisibility when 
used to check for remainder 0. 


2.1 Division by 3, 9 and 11 


A simple test for divisibility by 3 involves forming the sum of the digits of 
the given number. If the resulting digit sum has more than one digit, 
then the process is repeated until a single digit remains. The original 
number is divisible by 3 if and only if this single digit is divisible by 3. For 
example, with 61 671 142 the successive digit sums are 


6414+6+7+14+14+4+2=28, 24+8=10, 1+0=1. 
Since 1 is not divisible by 3, it follows that 61671 142 is not divisible by 3. 
Let us see why this test works. Consider a positive integer a with digits 
@ (units), a, (tens), a2 (hundreds), and so on, 
Thus 
a = dy + ay X 10 + ay X 10? +++ +410", 
where mm + 1 is the number of digits in a. 


Now we use the fact that 10 = 1 (mod 3) to deduce, by Theorem 1.2, 
property (f), that 


10'=1 (mod 3), 10?=1(mod 3), 10*=1 (mod 3),.... (2.1) 
Next we use Theorem 1.2, properties (d) and (e), to deduce that 
a@=ay+a, xX 1+ay x 1+--++a,, x 1 (mod 3) 
= ag +a, + a2 +-++ +4, (mod 3). 


Therefore, a and its digit sum have the same remainder on division by 3, 
as do all the successive digit sums. 


For example, the numbers 
61671142, 28, 10, 1 


all have remainder 1 on division by 3. 


For example, 61671142 = 
24+4x10+1% 10? ++ 
+6 x10". 
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This 16 digit number is 
presented as you might see it 


on a credit card. 


Here 


10? = 


10* = —1 (mod 11), 


10'= 


and so on. 
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Activity 2.1 Division by 3 


Find the remainder when 
6341 7231 1083 2864 is divided by 3. 


Comment 


The successive digit sums are 59, 14, 5, and so the remainder on division 
by 3 is 2. 


You could have deduced the answer directly from the first digit sum, 59. 


Activity 2.2 Division by 9 
(a) Explain why the digit sum method described above also works for 
division by 9. 
(b) Find the remainder when 
6341 7231 1083 2864 is divided by 9. 
Comment 


(a) The digit sum method depends on congruences (2.1) and these 
congruences also hold modulo 9, because 10 = 1 (mod 9). Therefore 
the digit sum method works for division by 9. 


(b) Using the digit sums found in Activity 2.1, we find that the remainder 
on division by 9 is 5. 


The divisibility test for 11 is slightly different. It uses the fact that 
10 = —1 (mod 11), from which we deduce that 


10* = (—1)* (mod 11), for k=1,2,.... 


Therefore, if 

@=ay +a, X10 + a2 x 10? +--+ +4, x 10", 
then 

@ = dp — a + ay — +++ + (—1)"a,, (mod 11). 


Thus a has the same remainder on division by 11 as its alternating digit 
sum, which starts with the units digit. For example, with a = 61671 142, 
the alternating digit sum is 


2—4+1-147=-64+1-—6=11-17 ==6. 


Since —6 = 5 (mod 11), it follows that 61671142 gives remainder 5 on 
division by 11. 


Activity 2.3 Division by 11 
Find the remainder when 
6341 7231 1083 2864 is divided by 11. 
Comment 
The alternating digit sum is 


4—6+8—2-3—8+0—-1-+1—342—7 fl —-43=6 
= 22-37 = —-15. 
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Since —15 = 7 (mod 11), it follows that 6341 7231 1083 2864 gives 
remainder 7 on division by 11. 


Remark 


The number being tested may be so large that its alternating digit sum is 
again quite large. In this case, we can repeat the process of taking the 
alternating digit sum, as long as we remember to take account of any minus 
sign which appears. For example, in Activity 2.3 the alternating digit sum 
of —15 is —-(5 — 1) = —4, which is indeed congruent to 7 modulo 11. 


2.2 Division by 2, 4, 8, ... 


Most people can recognise an even number by looking at its final digit, but 
rather fewer people can recognise one that is divisible by 4, in spite of the 
need to identify leap years. 


In fact, if 

a= ap +a, x 10+ ay x 10? +--+ +a, x 10”, 
then 

a = a +, x 10 (mod 4), 
since 107, 10°,..., are all divisible by 4. 


Therefore a has the same remainder on division by 4 as the number formed 
by its final two digits. For example, the number formed by the final two 
digits of 61671142 is 42, and so 61671 142 has remainder 2 on division 

by 4. Similarly, we can find the remainder on division by 8 = 2°, by 
considering the number formed from the last: three digits, and so on. 


Activity 2.4 Division by 4 and 8 


Find the remainder when 
6341 7231 1083 2864 is divided (a) by 4 and (b) by 8. 


Comment 

(a) This number is congruent to 64 modulo 4, and so it is divisible by 4; 
hence the remainder is 0. 

(b) This number is congruent to 864 modulo 8, and so it is divisible by 8; 
hence the remainder is 0. 


You may like to check that this number is also divisible by 16 and 32, but 
not by 64. 


2.3 Division by 6 and 12 


To test a number for divisibility by 6, we simply apply the tests for 
divisibility by 2 and by 3, both of which must give the answer ‘yes’. The 
actual remainder, rg say, on division by 6 can be deduced from the 
remainders rz and rz obtained on division by 2 and by 3. One way to do 
this is to use the congruence 


15 = 3r_ — 2rg (mod 6). (2.2) 


This approach extends to 
division by 2" for each 
positive integer k because 10* 
is divisible by 2". 


We discuss why this 
congruence holds shortly. 
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For example, we already know that 

61671 142 = 0 (mod 2) and 61671 142 = 1 (mod 3), 
SO T2 = 0, r3 = 1. Hence 

16 = 3rg — 2r3 = —2 (mod 6), 
sorg = —2+6=4, 


A similar approach can be used to calculate the remainder 7, on division 
by 12, given the remainders rs and ry on division by 3 and 4, In this case 
we can use the congruence 


Tyo = 4rg — 3r4 (mod 12). (2.3) 
For example, since 61671142 = 1 (mod 3) and 61671142 = 2 (mod 4), 

T12 = 4rg — 3ry = —2 (mod 12), 
80 Mo = —2+12= 10. 


Activity 2.5 Division by 6 and 12 


Find the remainder when 
6341 7231 1083 2864 is divided (a) by 6 and (b) by 12. 


Solutions are given on page 42. 


Activity 2.6 Explanations 


Try to explain why the congruences (2.2) and (2.3) are true. 


Comment 


Suppose that @ has remainder 72 on division by 2 and remainder ry on 
division by 3. This means that 


a@=22+7r2 and a=3q,+73, 
where go and qy are the respective quotients. We now manipulate these 
two equations to obtain a on the left-hand side and multiples of q, and qs 
which are divisible by 6 on the right-hand side: 
a=3a—2a 
= 3(2q2 + r2) — 2(3q + 1s) 
= 6q2 — 6g3 + 3r2 — 273. 
Thus a = 3ry — 2ry (mod 6), and so the remainder of a on division by 6 is 
congruent to 3ry — 2ry modulo 6. This justifies congruence (2.2). 


A similar reasoning justifies congruence (2.3). 


2.4 Division by 7 and 13 


There is no very simple rule for divisibility by 7 or by 13 but, for the sake 
of completeness, we include rules for these. They are at least slightly 
quicker than long division. 
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Both rules depend on the intriguing factorisation 
1001 =7 x 11 x 13, 
which is the basis of various number tricks. Thus 
1000 =—1(mod 7) and 1000 =—1 (mod 13). 
We shall consider division by 7 first. If 
a =a +a, X 10 +43 x 10? +a x 10° + ay x 104+ a5 x 10° +--+, 
then 
a = (ap +a; x 10 + ay x 10°) + 10°(ay +04 x 10+4a5 x 10°) 
+ 10°(ag + a7 x 10 + ag x 10*) +++- (mod 7). 
Using the fact that 1000 = —1 (mod 7), we obtain 
a = (ao +, x 10 + a2 x 10°) — (a3 +. a4 x 10+a5 x 107) 
+ (ag +a; x 10+ ag x 10°) +--+ (mod 7), 
which is an alternating sum of 3 digit numbers. 
So, if we 
© split a every 3 digits, starting from the right, 
© find the remainder of each 3 digit number on division by 7, 
© form the alternating sum of these remainders, 


then the resulting number will be congruent to a modulo 7 (and much 
smaller than a). 


For example, if a = 61671142, then the remainders are as follows. 


61 | 671 | 142 
5 | 6 2 (mod 7) 


The alternating sum of these remainders is 
2-6+5=1, 
and so a=1(mod 7). Hence the remainder of a on division by 7 is 1. 


Exactly the same rule can be used for division by 13, provided that the 
remainders are calculated after division by 13. For example, if 
a = 61671 142, then the remainders are 


61 | 671 | 142 

9] 8 | 12 (mod 13) 
and their alternating sum is 

12-—8+9=13. 


Hence 61671 142 = 13 (mod 13) = 0 (mod 13), and so 61671 142 is 
divisible by 13, as you can readily check on a calculator. 


Activity 2.7 Division by 7 and 13 


Find the remainder when 


6341 7231 1083 2864 is divided (a) by 7 and (b) by 13. 


Solutions are given on page 42. 


Of course, the /ast number 
formed by the above splitting 
may have 1, 2 or 3 digits. For 
convenience, the phrase ‘3 
digit number’ is taken to 
apply also to the last number 
even if it has just 1 or 2 
digits. 


142 = 2 (mod 7) 
671 = 6 (mod 7) 
61 = 5 (mod 7) 
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Summary of Section 2 


In this section you have seen various simple rules for finding the 
remainders on division of large numbers by small positive integers. 


Exercises for Section 2 


Exercise 2.1 
State simple rules for finding the remainder when a positive integer is 
divided by 2, 5 or 10. Explain why these rules hold. 
Exercise 2.2 
Find the remainders when 
5230 6120 0972 1753 
is divided by 
(a) 2, (b) 3, (c) 4, (d) 5, (e) 6, (£) 7, (g) 8, (h) 9, (i) 10, (j) 11, (k) 12. 
Exercise 2.3 


(a) A rule for finding the remainder r,, when a positive integer a is divided 
by 14, given the remainders r, and rz on division of a by 2 and 7, is 


Ti4 = Tr2 — 6rz (mod 14). 
Explain why this congruence is true. 


(b) Use this rule to find the remainder when the integer in Exercise 2.2 is 
divided by 14. 


3 Modular arithmetic 


In this section we introduce a new kind of arithmetic, called modular 
arithmetic, and use this arithmetic to derive a remarkable technique for 
finding the remainder of a large power on division by a prime number. 


3.1 Modular addition and multiplication 


Let n be a positive integer. Every integer is congruent modulo n to exactly While reading this subsection 


one of the numbers 0,1,2,...,.—1, by the Division Algorithm, and so it you may find it useful to try 
is convenient to have a notation for this special set of numbers. The the Mathcad file 221D2-02. 
notation Z for the integers {0,+1,+2,...} has been adapted to give 


Z, = {0,1,2,...,n —1}. 
For example, Z, = {0,1} and Z; = {0,1,2,...,6}. 


We perform modular arithmetic on Z,, by using an addition operation +,, 
and a multiplication operation x,, which are defined as follows. 


Definition 
For a and b in Z,,, the operations +,, and x,, are defined by: 
a+, 6 is the remainder on division of a+b by n; In words, a +p 6 is 
a x,, b is the remainder on division of a x 6 by n. ‘a plus b modulo n’ 


and a xX, bis 

For example, 2 and 4 are both in Z, and ‘a times 6 modulo n’. 
24+4=6, so 2+;4=1, 
2x4=8, so 2x,4=3. 

Modular arithmetic should not be completely new to you, as we regularly 


use the operation + 2, for example, when measuring time. For this reason —_ For example, 2 o'clock is 
modular arithmetic is sometimes called ‘clock arithmetic’. 4 hours after 10 o'clock. 


Activity 3.1 Modular arithmetic 


Evaluate the following. 
(a) 4+54, 3+64, 1l+93, 7+98, 10 +124 
(b) 4x54, 3x64, 1x93, 7X98, 10x24 


Solutions are given on page 42. 


For small values of n, we can conveniently study addition in Z,, by 
constructing addition tables, as follows. 


+2{0 1 +5/0 12 +,/0 1 23 
Clot oOlot2 wir as 
© [eco | ezec eh ea 8 6 
22a Ol 620/200 
Bus. (Ot 2 
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In Chapter D1 you saw that 
addition and multiplication 
are commutative and 
associative on C. 
For example, 

2x5 (3x54) =4 
and 


(2x53) x54=4. 
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Activity 3.2 Patterns in the Z,, addition table 


(a) Construct the addition tables for Z; and Z,. 


(b) What patterns do you see in these and the earlier addition tables? Try 
to explain why these patterns occur, 


Solutions are given on page 43. 


In a similar way, we can construct multiplication tables for Z,,, but here 
the overall structure of the tables is more mysterious. 


Ka: [OL e501 12) sealed 2) 18 
CN CS ye Fo a) 
dy Oi Ged 2 \|0 aging 
DOueeat | ABN e on 

$)0) 32 4 


Activity 3.3 Patterns in the Z,, multiplication table 


(a) Construct the multiplication tables for Z; and Z,. 


(b) What patterns do you see in these and the earlier multiplication 
tables? Try to explain why these patterns occur. 


(c) Formulate a conjecture about which rows and columns of the 
multiplication table for Z,, include all the numbers from Z,,. 


(Hint: In answering this part, consider the factors of n and of the row 
or column number.) 


Solutions are given on page 43. 


In the solutions to Activities 3,2 and 3.3, we pointed out that, for all a and 
bin Z,, 


a+,b6=b+,a and ax,b=bx,a. 


These properties may be described by saying that the operations +, and 
x, are both commutative on the set Z,,. These operations are also 
associative on Z,,; that is, for all a, b and c in Z,, 


atn(b+nc)=(a@+nb)+,e¢ and ax, (bx, ¢) = (aX, b) X,e 


These useful properties enable us to write sums a+, b+, ¢+, +++ and 
products a x, b X,,¢ X, +++ without the need for brackets. 


The proofs of these two associative properties are very similar. We invite 
you to discover the proof for +, in the next activity. 
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Activity 3.4 Proving associativity 


Prove that, for all a, b, c in Z,, 
+n (b+n ¢) = (a +n b) tye 


(Hint: Try to show that both sides of this equation are congruent 
modulo n to a+b +c, using Theorem 1.2.) 


A solution is given on page 43, 


3.2 Multiplicative inverses 


A key question was considered in Activity 3.3: While reading this subsection 
you may find it useful to try 


Which non-zero rows and columns of the multiplication table for Z,, the Mathcad file 221D2-02, 


include all numbers from Z,,? 


By inspecting several multiplication tables, we conjectured that the answer 
to this question has something to do with common factors. We say that 
two positive integers a and b have a common factor c if ¢ is a factor of 
both a and b; that is, if c is a positive integer which divides exactly into a 
and b. For example, 


2 and 4 have common factors 1 and 2, 
4 and 15 have common factor 1, 
12 and 18 have common factors 1, 2, 3 and 6. 


Clearly, any two positive integers a and 6 will have c = 1 as a common 
factor. If their only common factor is c = 1, then we say that a and b are 
coprime or, equivalently, that a is coprime with b. For example, 4 and 
15 are coprime, but 12 and 18 are not. 


Tt appears that row a of the multiplication table for Z,, includes all The following discussion is in 
numbers in Z,, if and only if a and n are coprime. We shall prove that this terms of rows, but it applies 
conjecture is true, but first we ask you to practise finding common factors. equally well to columns. 


Activity 3.5 Finding common factors 


(a) Which non-zero numbers in Zo are coprime with 9? 


(b) Check that only the corresponding rows of the multiplication table for 
Zz include the whole of Zy. 


Solutions are given on page 43. 


In all the multiplication tables for Z,, that we have considered, the See pages 22 and 43. 
appearance of the number 1 in a given row seems to indicate that the row 
includes all numbers in Z,,. We now establish this property. 


Lemma 3.1 
If 1 appears in a row of the multiplication table for Z,, then each 
number in Z,, occurs exactly once in that row. 


23 


We say ‘the’ multiplicative 
inverse because, as you will 


see, there can be at most one. 
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Suppose that 1 does appear in row a, say, of the multiplication table for 
Z,, This means that there is a number b in Z, such that a x, b= 1. 


Now, suppose that c is any member of Z,,. Then 


KG26,:0) Kec Le cic, 
so, by the associativity of the operation x,,, 


axed xq ec) =e 


This shows that c lies in column b x,, c of row a. Hence, since c is any 
member of Z,,, row a must include the whole of Z,,. Moreover, since Z,, has 
nm members and row a has n entries, each member of Z,, occurs exactly 
once in row a. This proves Lemma 3.1. 


Because Lemma 3.1 shows that the number 1 is of such significance in the 
multiplication table for Z,,, we introduce the following definition, 


Definition 
Let n, a and b be positive integers with a and b in Z,, and suppose 
that a x, b= 1. Then 6 is the multiplicative inverse of a in Z,,. 


For example, 8 has multiplicative inverse 5 in Z;y because 8 x;3 5 = 1, and 
5 has multiplicative inverse 2 in Zy because 5 Xg 2 = 1. On the other hand, 
6 has no multiplicative inverse in Z, (see row 6 of the table in the solution 
to Activity 3.5). 


We can use Lemma 3.1 to show that if a has a multiplicative inverse, then 
that multiplicative inverse is unique. If a has a multiplicative inverse, then 
1 lies in row a. Hence, by Lemma 3.1, each member of Z,, appears exactly 
once in that row. In particular, 1 appears exactly once in row a, and the 
number at the top of the corresponding column is the multiplicative 
inverse of a. 


We now describe a method of finding multiplicative inverses, when they 
exist. For small values of n, they can be found by trial and error, or by 
consulting the multiplication table for Z,, if that is available. However, as 
n increases in size, the following method becomes much more efficient, It is 
known as Euclid’s Algorithm, and was described in Euclid’s Blements, 
which dates from around 300 BC. 


Suppose, for example, that we wish to find the multiplicative inverse of 9 
in Zo; that is, we seek a number b in Zo, such that 9 x25 6 = 1, or, 
equivalently, such that 


9b= 25k +1, for some integer k. (3.1) 


We apply the Division Algorithm (Theorem 1.1) repeatedly, first dividing 
25 by 9: 


25=2x9+7 
9=1x7+2 (3.2) 
7=3x2+1 
2=2x1+0 


At each step we divide the divider in the row above by the remainder in the 
row above, repeating the process until we reach a remainder of 0 (which 
must occur, because the remainders decrease by at least one at each step). 


SECTION 3 MODULAR ARITHMETIC 


We can use the equations (3.2) to find integers b and k which satisfy 
equation (3.1). To do this, we rearrange the first three of equations (3.2) 
and put them in reverse order, as follows: 


1=7-3x2 
2=9-1x7 
7=25-2x9. 


We now eliminate multiples of 2 and 7 by successive substitutions, as 
follows: 


1=7-3x2 
=7-3(9-1%7) 


= 3 WOT aT Note that the numbers to be 
=-3 x 9+4(25 — 2x 9) substituted have been kept to 


=4x25-11x9. the right. 


To obtain an equation in the form of (3.1), we rearrange this equation as 
follows: 


9 x (-11) = 25 x (-4) +1. (3.3) 
Thus equation (3.1) holds with b = —11 and k =—4. 


The problem with this solution is that b = —11 does not belong to Zo5. 
However, it follows from equation (3.3) that 


9 x (—11) = 1 (mod 25), 
and since —11 = 14 (mod 25), we obtain 
9 x 14 = 1 (mod 25). 


Hence b = 14 is the multiplicative inverse of 9 in Zoy. As a check: 
9x 14 = 126 
Activity 3.6 Finding multiplicative inverses =5x25+1. 


Use Euclid’s Algorithm to find: 
(a) the multiplicative inverse of 7 in Z,.; 
(b) the multiplicative inverse of 9 in Zog. 


Solutions are given on page 43. 


The above examples indicate that we can find a multiplicative inverse 
whenever repeated use of the Division Algorithm produces a remainder of 
1 at the penultimate step. We now show that the remainder 1 will occur 
whenever a and n are coprime. Indeed, if we try to use Euclid’s Algorithm 
to find the multiplicative inverse of a in Z,,, then it takes the following 


form: 
n=qat+nr, O0<r<a, 
a =r) +Ta 0<m<n, 
T =QaT2 +73, O0<1r3 <1, 
Tm—2 = mTm—-1 +m, O<Tm <Tm—1, 
Tm—1 = Qm4ilm +0, 


where m is a positive integer. As noted earlier, the remainders r;,12,..., 
decrease by at least one at each step, so they must eventually reach 0. 
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If n and a are not coprime, 
then the remainder r,, in 
Euclid’s Algorithm is the 
highest common factor of n 
and a, 


This theorem also holds if 
‘row’ is replaced by ‘column’. 


For example, see the 
multiplication table for Zs in 
the solution to Activity 3.3. 


26 


CHAPTER D2 NUMBER THEORY 


The final equation shows that r,, is a factor of r,—,, and then the 
penultimate equation shows that r,, is also a factor of r,,—2. Continuing in 
this way, we find that r,, is a factor of all the remainders, and so of both a 
and n. Since a and n were assumed to be coprime, we deduce that r,, = 1. 
Therefore, the penultimate equation has remainder 1, just as we hoped. 


This reasoning shows that if a and n are coprime, then a does have a 
multiplicative inverse in Z,,, Therefore, we have proved part of the 
following theorem, which answers the conjecture formulated in 
Activity 3.3(c). 


Theorem 3.1 

Let n and a be positive integers, with a in Z,. The following three 
statements are equivalent: 

(a) a and n are coprime; 

(b) a has a multiplicative inverse in Z,,; 

(c) row a of the multiplication table for Z,, includes all of Z,,. 


To say that these three statements are ‘equivalent’ means that if any one 
of the statements is true, then the other two statements are also true. 


We have just proved using Euclid’s Algorithm that if statement (a) is true, 
then statement (b) is true. We also know that if statement (b) is true, 
then statement (c) is true, by Lemma 3.1. Thus to conclude that all three 
statements are equivalent, we only need to show that if statement (c) is 
true, then statement (a) is true. 
But if row a includes all members of Z,,, then this row certainly includes 1, 
so a has multiplicative inverse, b say: 

ax,b=1; 
that is, ab = 1 (mod n), and so 

ab=kn +1, 


for some integer k, But this last equation implies that a and n are 
coprime, because any common factor of a and n must also be a factor of 1, 
Thus a and n are coprime, so the proof of Theorem 3.1 is complete. 


The following result follows easily from Theorem 3.1. 


Corollary 3.1 
Let p be a prime number. Then each non-zero row of the 
multiplication table for Z, includes the whole of Z,. 


Corollary 3.1 holds because if p is prime, then any positive integer a in Z, 
has no common factor with p which is greater than 1. Indeed, p has no 
factors other than 1 and p. 


This corollary will have a key role to play shortly in a remarkable result 
about remainders of powers. First, however, we briefly mention the 
relevance of Theorem 3.1 to star polygons. These figures are obtained by 
placing n points evenly around a circle and joining successive pairs of 
points which are a points apart on the circle, where 1 < a <n—1 (see 
Figure 3.1). If a= 1 or a=n— 1, we obtain an ordinary polygon. 
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y 


re 


n=5,a=2 


Figure 3.1 Two star polygons 


If we label the points 0,1,2,...,m—1, as in the diagrams, and call the 
sequence of points visited on the star polygon x,2,,...,2,—;, where 
ay = 0, then 


a, =ka(mod n), fork =0,1,2,...,n—1 


Therefore, the sequence iy, 2) ‘n~1 is identical to the sequence of 
entries in row a of the multiplication table for Z,. Theorem 3.1 implies 
that the star polygon passes through all n points on the circle if and only 
if a and n are coprime, as in the two diagrams above. You may like to 
experiment to see what happens when a and n are not coprime, 


3.3 Fermat’s Little Theorem 


Pierre de Fermat (1601-1665) was a lawyer in the French city of Toulouse, 
who became interested in mathematics. Though only an amateur 
mathematician, he made contributions to number theory that have placed 
him amongst the ‘all-time greats’ of the subject. 


Fermat did not record his results and proofs systematically, but 
communicated them by letters to his friends and scribbled them in the 
margins of his mathematics books. The result we shall now describe was 
sent by Fermat in 1640 to an acquaintance with the comment ‘I'd send you 
the proof, but I fear that it is too long’. In fact, a proof of the result was 
first published by Euler 100 years later. 


Theorem 3.2 Fermat’s Little Theorem 
Let p be a prime number, and let a be a positive integer which is not 
a multiple of p. Then 


a’~' = 1 (mod p). 


This result certainly counts amongst the gems of mathematics, for it is 
easy to state, needs very little prior knowledge to understand, is by no 
means obvious and yet has a short elegant proof (as you will see). 

It has an important application to finding remainders of powers modulo p, 
where p is a prime number. For example, in Activity 1.6(c), you found that 


5° = 1 (mod 7), 


Ifn =5 and a = 2, then 


Fermat's Little Theorem is 
often stated with the 
conclusion 


a” =a (mod p), 


which holds even if a is a 
multiple of p. 
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Of course, 7° = 0 (mod 7). 


The bottom right entry in the 
table is 1 because 


(p—1)? =p? — 2p +1 
= 1 (mod p). 
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by calculating the successive powers of 5 modulo 7. However, this 
congruence follows immediately from Fermat’s Little Theorem, by taking 
p=T7and a=5. More generally: 

1®=1(mod 7), 2°=1(mod7), 3°=1 (mod 7), 

4° =1(mod 7), 5°=1(mod7), 6° =1 (mod 7), 

8°=1(mod 7), 9°=1(mod7), 10°=1(mod 7), 


and so on, 


Activity 3.7 Using Fermat's Little Theorem 


Use Fermat’s Little Theorem to find the remainders when 
(a) 31% is divided by 19; 

(b) 3°° is divided by 19; 

(c) 16 is divided by 11. 

(In part (b), it helps to note that 55 = 3 x 18 +1.) 


Solutions are given on page 44. 


Remark 


Before applying Fermat's Little Theorem, we need to be sure that the 
number p is prime. We can easily compile a list of the prime numbers up 
to, say, 100 by inspection: 


2,3,5,7,11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97. 


The obvious way to check whether a larger number, such as 10001, is 
prime is to check it for divisibility by the primes 2,3,5, and so on. But 
how many primes do we need to try? In fact, we need only try the primes 
up to floor(/10001) = 100, because if 10001 is not prime, then it will have 
at least two factors, which cannot both be strictly greater than y 10001. 
Thus, we need only try the primes on the above list. It turns out that 
10001 = 73 x 137, so it is not prime. 
The above list is also long enough to check whether 10007 is prime, since 
floor( 10007) = 100; this time it turns out that the number is prime. 
In general, given a positive integer n, we need only test n for divisibility by 
prime numbers up to floor(,/7) in order to check whether or not n is prime. 
There are several ways to prove Fermat’s Little Theorem, but perhaps the 
most elegant uses Corollary 3.1. Suppose first that a is a non-zero member 
of Z,. Then, by Corollary 3.1, row a of the multiplication table for Z, 
includes all of Z,. 

Xp [0D 25 ped 

0 0 0 (lh ety 0 
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Therefore, the non-zero members of row a of this table are just the 
numbers 


i.e, (3.4) 


in some order. Because this is a multiplication table, these numbers are 
the remainders on division by p of the products 


a,2a,...,(p—1)a. (3.5) 


Therefore, the product of the p—1 numbers in (3.5) is congruent modulo p 
to the product of the p— 1 numbers in (3.4): 


ax 2ax-+- x (p—1)a=1x2x--+ x (p—1) (mod p). 
This congruence can be rewritten as 

a?~'(p — 1)! = (p— 1)! (mod p), 
and then again as 

(a?! — 1)(p — 1)! is divisible by p. 
Now p is not a factor of (p — 1)!, because p is prime, so we deduce that p is 
a factor of a?! — 1. Thus 

a’! =1 (mod p). 
This is the required result for a in Z,, a #0, 
Finally, suppose that a is any positive integer which is not a multiple of p. 
Then b, the remainder on division of a by p, satisfies 0 < b < p, because a 
is not a multiple of p. Hence, by the first part of the proof, 

b’'=1(mod p) so a’-!=b""!=1 (mod p), 


since a = b (mod p). Thus the proof is complete. 


Remarks 
1, In the proof we used the fact that if a product zy has a prime factor p, 


then at least one of x,y must have factor p. This is not quite so 
obvious as it may seem, but can be proved as follows. 


Suppose that p is a factor of xy but p is not a factor of y. Then the 
remainder r of y on division by p is non-zero. Since p is prime, r has 
multiplicative inverse, 2 say, in Z,; that is, 


rz =1(mod p), so yz = 1 (mod p). 
Hence x(yz) = x (mod p), and so 2 must have a factor p, because 
a(yz) = (xy)z does. 

2. It is possible that a smaller power of a than p—1 may be congruent to 
1 modulo p. For example, if a = 2 and p = 7, then, by Fermat's Little 
Theorem, 2° = 1 (mod 7). In this case, however, the power 6 is not the 
smallest possible since 2° = 1 (mod 7) also. 

3. Ifa is a non-zero number in Z,, where p is prime, then by Fermat’s 
Little Theorem, 

ax a?* =a? =1 (mod p). 
Thus the multiplicative inverse b of a satisfies 
b =a”? (mod p). 


Even for large p, this formula is quite a good way to find the 
multiplicative inverse of a in Z,, as long as repeated squaring is used. 


See Remark 1 after this proof, 
for a justification of this step. 


This is also the key fact 
needed to prove uniqueness of 
prime factorisation; see the 
Introduction. 
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This subsection will not be 
assessed, 


For example, 


29 = 27 +57. 


For example, 


2” +1 = 257 (a prime). 


The Greek mathematician 
Diophantus is believed to. 
have lived around 250 AD, in 
Alexandria. His book 
Arithmetica, a collection of 
problems whose solutions are 
positive integers, had great 
influence in later centuries. 


Elliptic curves have equations 
of the form 


y=r® +ax*+br+e. 


They are not ellipses, but 
they are related to ellipses. 
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3.4 Fermat’s legacy 
We end this section with some remarks about Fermat’s other work. 


In a letter to a colleague in 1650 he summarised ‘le compte de mes reveries 

sur le sujet des nombres’ (‘the account of my musing on the subject of 

numbers’), Amongst many results, which he stated without proof, were 

the following. 

(1) Every prime number of the form 4n + 1 can be written in a unique way 
as the sum of two squares. 

(2) The equation «* + y° = z* has no solution in positive integers. 

(3) Every integer of the form 2?” + 1 is prime. 


Fermat also described his ‘method of infinite descent’ for proving results of 
this type about positive integers. His idea was to show that if one 
counter-example to the result exists, then there must exist a second 
smaller counter-example, and hence a third yet smaller, and so on. As 
there cannot be infinitely many smaller counter-examples, the original 
counter-example could not have existed. 


It is quite possible that Fermat did prove (1) and (2) by his method, 
but (3) was shown to be false by Euler who found the counter-example 


2°” 41 = 4294967 297 = 641 x 6700417. 


Another assertion made by Fermat was that each of the equations 


n 


2" +y"=2", where n> 3, 


has no solution in positive integers. This assertion was written in his copy 
of Diophantus’ Arithmetica. Fermat wrote that he had a truly wonderful 
proof, but the margin was too narrow to contain it. 


During the 18th, 19th and 20th centuries, Fermat’s Last Theorem, as 
his assertion came to be called, acquired increasing celebrity as a succession 
of eminent professional mathematicians tried and failed to solve it. Much 
useful number theory was discovered in the process, but the original 
problem remained stubbornly resistant. When a large prize was offered for 
a solution in 1908, many amateur mathematicians took an interest and the 
professionals have been inundated with alleged proofs ever since. 


Fermat’s Last Theorem was finally proved in 1994. The proof can be said 
to have begun in 1985 when a German mathematician Gerhard Frey 
suggested a possible link between Fermat’s Last Theorem and a conjecture 
about so-called elliptic curves, made by the Japanese mathematicians 
Yutaka Taniyama and Goro Shimura in the 1950s and 1960s. In 1986, the 
American mathematician Kenneth Ribet showed that this conjecture does 
indeed imply Fermat's Last Theorem. 


At this point, Andrew Wiles, an English mathematician who had trained 
at Cambridge but worked in the United States, decided to try and prove 
the Shimura~Taniyama conjecture. After seven years working in secret, he 
announced, during a lecture in Cambridge in June 1993, that he had 
proved a special case of the conjecture from which Fermat's Last Theorem 
follows. This announcement made headlines in the world’s press, but a few 
months later a colleague found a gap in Wiles’ 200 page proof. Wiles spent 
a further agonising year working to fill the gap, first alone and later with 
Richard Taylor, an English mathematician then at Cambridge. In October 
1994, when many experts had begun to feel that the gap would not be 
filled, two manuscripts appeared, a long one by Wiles proving the special 
case of the Shimura~Taniyama conjecture (and thus Fermat’s Last 
Theorem) by a different method, and a short one by Taylor and Wiles, 
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containing a key step needed in the long paper. These papers were 
published in the prestigious journal Annals of Mathematics, forming the 
entire content of its May 1995 issue. 


This proof of Fermat’s Last Theorem is remarkable in that it draws on 
many diverse and deep areas of modern mathematics, largely developed 
with different purposes in mind. Parts of the proof have already been 
simplified, but it is very unlikely that such simplification will ever result in 
a proof that Fermat himself could have devised! 


Summary of Section 3 


In this section you have met: 
© the operations +,, and x,, of modular arithmetic; 
© multiplicative inverses, found by Euclid’s Algorithm; 


© atheorem that states which members of Z,, have multiplicative 
inverses; 


© Fermat's Little Theorem. 


Exercises for Section 3 


Exercise 3.1 
Use Euclid’s Algorithm to find the multiplicative inverses of 
(a) 13 in Zo; (b) 25 in Z5g; (c) 13 in Zao. 


Exercise 3.2 
Use Fermat’s Little Theorem to find the remainders when 
(a) 5° is divided by 13; (b) 41%" is divided by 19. 
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4 Cryptography 


When a sensitive message is transmitted, it is usually first transformed by 
applying a process called a cipher, in order that the message can be read 
only by those capable of reversing the cipher process. Such ciphers have 
been used throughout history for military and diplomatic communications, 
but in recent years they have been needed increasingly to protect 
electronic transfer of business information and money. 


Taken together these are The design of such ciphers is called cryptography and the process of 
called cryptology. breaking them is called cryptanalysis. 


In this section we give a very brief indication of how number theory has 
contributed to these important subjects. 


4.1 Additive ciphers and multiplicative ciphers 


We begin by defining some basic terms associated with cryptography. A 
message, also known as messagetext or plaintext, consists of a finite 
sequence of characters chosen from some finite set 9, such as the English 
alphabet. We define a cipher to be a function f with domain 2 and 
codomain 2, which is one-one and so has an inverse function f~' with 
domain 2. We also refer to f as a cipher on 2. To encipher a message 
we apply the function f to the characters of the message in turn; this 
produces the ciphertext. To decipher this ciphertext, we apply the 
inyerse function f~'. 


For example, if 
N= {A,B,C,,..,X,¥, 2}, 
then the following function f is one-one on 92. 


ABE CMI Eee oe, eh 


flit dd + ted 
DB GSH en 2 AD Be 


The function f transforms each letter to the one three places after it in the 
alphabet (with wrap-around), and f~! transforms each letter to the one 
three places before it (or, equivalently, 23 places after it). Thus f is a 
cipher, which enciphers the message ‘HAPPYNEWYEAR'’ to give the 
ciphertext ‘KDSSBQHZBHDU’. It is called Caesar’s cipher, after a 
similar cipher used by Julius Caesar. 


In order to use modular arithmetic in the design of more sophisticated 
ciphers, we replace letters by numbers. In the English alphabet, it is 
convenient to replace the 26 letters by corresponding members of Z2, as 
follows. 


A|B|C|D|B|F|G|H|I| J|K|L|M|N|O|P|Q(R|S|T|U|V|W|XxX|¥ |Z 
T/2[3[4][ 5/6] 7/8 [9] 10] 11 [12/13] 14] 15] 16 |17|18]19/ 20/21/22] 23] 24/25] 0 


Written in Z.¢, the message ‘HAPPYNEWYEAR’ appears as the sequence: 
In this section, we use the (8, 1, 16, 16, 25, 14, 5, 23, 25, 5, 1,18), 


notation (-+-) for finite 
sequences of integers. 
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and Caesar's cipher has rule 
f(m) =m +26 3, and f~'(c) = ¢ +26 23. 


Note that throughout this section we use m for a term of the messagetext 
and e¢ for a term of the ciphertext. 


Caesar’s cipher is one example of the family of additive ciphers on the 
set Z,,, defined as follows. 


Definition 
Let n be a positive integer and let k be in Z,, with k #0. The 
additive cipher A, on Z,, has rule 


Ax(m) =m +), k. 

Moreover, it can be shown that A,’ has rule 
Agi (Cc) =e +n, 

where k’ is in Z,, with k +k’ =n. 


(We have included a result in the definition box so that the rules for A, 
and Aj," are in one place.) 


In Caesar's cipher we have n = 26, k = 3 and k’ = 23. When a family of 
ciphers depends on a parameter k in this way, the parameter is called the 
key. Although a given fixed additive cipher would not be very secure, 
considerably more security could be achieved by refinements such as the 
following: 
© letting the key vary through the message in some complicated way, 
known to both the encipherer and the decipherer; 
© splitting the message into blocks of d characters in Z,,, transforming 
each block (mo, 7m, 1™M2,-..,Ma-1) by a one-one function such as 
(m9, My, Ma, 0665 Mgn-1) —F Mo + M, KX N+ IM. KNB + Mg x NT! 
into an integer in Zy, where N = n“, and then using an additive 
cipher on Zy. 
We shall ignore such refinements and methods of breaking ciphers. We 
concentrate on defining families of ciphers, using modular arithmetic, 
which are likely to be intrinsically better than additive ciphers. Our model 
for such ciphers is shown in the diagram below. 


message —| encipher }—® ciphertext —»} de er [+ message 
[> Ay(m) =e [af Ay(c)=m 


3 
: 
= 


Figure 4.1 


Thus Aj has domain Z,,. 
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Thus M,-" is the 


multiplicative cipher Myr. 


For example, 


9 x 8 = 20 (mod 26). 


Note that 26 and 7 are 
coprime. 
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Another family of ciphers on Z,, which are easy to implement are the 
so-called multiplicative ciphers. 


Definition 
Let n be a positive integer and let k in Z,, be coprime with n. The 
multiplicative cipher M!), on Z,, has rule 


M,(m) =k x, m. 
Moreover, it can be shown that M,' has rule 
Mic) = hexane 


where hk’ is the multiplicative inverse of k in Z,,. 


We know that & has a multiplicative inverse k’ in Z,, by Lemma 3.1, since 
k and n are coprime. Moreover, by Theorem 3.1, row k of the 
multiplication table for Z,, includes each member of Z,, exactly once. Since 
this row is the image set of M,, it follows that M, is one-one. The rule for 
its inverse function follows from the fact that if ec =k x, m, then 


ki x, c=k x, (k Xam) =1X,m=m, 
Taking n = 26 and k = 9, we obtain the cipher 
Mg(m) = 9 X26 m, 
which enciphers our ‘HAPPYNEWYEAR’ message as follows. 


8 1 16 16 25 14 5 23 25 5 1 18 (message) 
M4+titet ttt tds 
20 9 14 14 17 22 19 25 17 19 9 6 (ciphertext) 


To decipher the ciphertext we need to apply the inverse function M;'. 
Since 9 has multiplicative inverse 3 in Zy5, we have My' = M;. For 
example, the first character of the ciphertext above is c = 20, and 


My 1(20) = Mg(20) = 3 x26 20 = 8, 


because 60 = 8 (mod 26). This is indeed the first character of the message, 


Activity 4.1 Multiplicative ciphers 


A multiplicative cipher on Zyg is defined by the function 
M;(m) = 7 X26 m. 
(a) Determine the multiplicative inverse of 7 in Z¢. 
(b) A message is enciphered using M; to give the ciphertext: 
(10, 1, 14, 9, 1, 22, 20, 1, 10, 10, 1, 14,9). 
What was the message? 


Solutions are given on page 44. 
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4.2 Exponential ciphers and RSA ciphers 


Additive and multiplicative ciphers both have the serious disadvantage 
that if a cryptanalyst can obtain a small amount of messagetext and its 
corresponding ciphertext, then the key can easily be found, 


Our next family of ciphers does a better job of concealing its key. These 
ciphers are defined on sets Z, = {0,1,2,...,p — 1}, where p is a prime 
number. For example, we might use p = 29, so that 0,1,...,25 could 
represent the English alphabet as before. 


Definition 
Let p be a prime number and let k in Z,_, be coprime with p — 1, 
The exponential cipher F, on Z,, has rule 

E,(m) = m* (mod p). This congruence defines 
Ex(m) uniquely since we 


a al I 5 
Moreover, it can be shown that EB," has rule want E,(m) to lie in Zp. 


Ex \(c) = (mod p), 


where k’ is the multiplicative inverse of k in Z, 1. 


At first sight it is not at all clear that this function 2), is one-one, nor that 
Ex! = Ey, but we shall see that this is the case. First, however, we look 
at an exponential cipher in action. Take p = 29 and choose the key k € Zag 
so that # and p—1 = 28 are coprime; for example, take k = 5, If m = 2 is 
a term of the message, then E,(m) is 
E5(2) = 2° (mod 29) 
= 32 (mod 29) 
= 3 (mod 29). 


Thus the corresponding term of the ciphertext is ¢ = 3. 


To decipher, we apply the inverse function H;'. The multiplicative inverse 
of 5 in Zyg is 17, so E;' = Ey. We can evaluate c!? = 3!7 (mod 29) using 5x 17=85=3x 2841. 
the repeated squares technique. 


3% jeati|ia2 [i3e tarHiet See Subsection 1.3. Note the 
3?" (mod 29) | 3 | 9 | 23] 7 | 20 following shortcut: 
We obtain 23” = (—6)* = 7 (mod 29). 


cl? = 37 =3 x 3! =3 x 20 = 60 = 2 (mod 29), 
giving m = 2, as expected. 


To prove that Ey is one-one and that H,' = By is tricky. It is sufficient to 
show that if m is in Z, and c= m'* (mod p), then c*’ = m (mod p). If 
c = m* (mod p), then we have 


ct =(m*)¥ = m**" (mod p). 


Since k' is the multiplicative inverse of k in Z,_,, there is an integer / such 
that kk’ = I(p—1) +1, and so 


mi = ryP-4+2 — (mm?) !mn, 


If m #0, then m is a positive integer in Z, and so is not a multiple of p. 
Hence Fermat's Little Theorem implies that m?~! = 1 (mod p), which gives 


m** = m (mod p), 
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Much larger prime numbers 
are used in practice, together 
with the blocking technique 
described in Subsection 4.1, 
but here we are deliberately 
keeping the numbers small. 
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a congruence which also holds when m = 0. Thus 
cl = m**’ = m (mod p), 


as required, 


Activity 4.2 Deciphering an exponential cipher 


An exponential cipher is defined on Z.9 by 
E3(m) = m® (mod 29). 
(a) Determine the multiplicative inverse of 3 in Zo. 
(b) A message was enciphered using E, to give the ciphertext 
(8,9). 
What was the message? 


Solutions are given on page 44. 


To see why an exponential cipher is better than an additive or 
multiplicative one, imagine that a cryptanalyst knows that m is enciphered 
to c by an exponential cipher: 


c= E,(m) = m* (mod p), (4.1) 


where the key k is coprime with p— 1, The problem is to find k, given 
congruence (4.1), For small values of p, the key can be found by checking 
all possible values of k, but for larger values of p the problem is much 
harder, and certainly very much harder than the corresponding 
enciphering calculations. When congruence (4.1) holds, k is called the 
discrete logarithm of c with base m and modulus p, and, as you may 
imagine, the problem of computing discrete logarithms has received much 
attention from number theorists and cryptographers. 


Finally, we describe the RSA ciphers, so-called because they were invented 
by R. L. Rivest, A. Shamir and L. Adleman, in 1977. These ciphers are 
defined on sets of the form Z,, = {0,1,2,...,pq—1}, where p and q are 
prime numbers, For example, we might use p= 5 and q = 11, so that 
0,1,...,25 could represent the English alphabet as before. 


Definition 
Let p and q be prime numbers and let & in Z(,~1)q-1) be coprime with 
(p—1)(q—1). The RSA cipher R, on Z,, has rule 


R,(m) = m* (mod pq). 
Moreover, it can be shown that Rj! has rule 
Ry'(c) =e (mod pq), 


where k’ is the multiplicative inverse of k in Z()—1)(q-1)- 
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Once again, it is not obvious that the function A, is one-one, nor that 
R;,' = Ry, but we shall see that this is the case, First, however, we look 
at an RSA cipher in action. Take p = 5, g = 11 and choose the key k € Zig 
so that k and (p—1)(q— 1) = 40 are coprime. For example, take k = 7. 


If m = 8 is a term of the message, then R,.(m) is 

R;(8) = 8" (mod 55). 
Using repeated squaring, we obtain 

po 8! | 8? | 84 

8?" (mod 55) | 8 | 9 | 26 
and so 

R;(8) =8" =8! x 8? x 8'=8 x 9 x 26 = 2 (mod 55), 
Thus the corresponding term of the ciphertext is ¢c = 2. 


To decipher, we apply the inverse function R;'. The multiplicative inverse 
of 7 in Zyo, is 23, so R7' = Rog. We can evaluate c*? = 2° (mod 55) using 7 x 23 = 161 =4x 40+1 
the following table. 


2" Qi 2? Qt 98 gis 
2?" (mod 55) | 2 | 4 | 16| 36] 31 
We obtain 


273 = 9! x 2? x 24 x 2!6=2x 4x 16 x 31 =18 x 31 =8 (mod 55), 


giving m = 8, as expected. 


To prove that Ry, is one-one and that Ry‘ = Ry is again tricky. It is 
sufficient to show that if m is in Z,, and ¢= m* (mod pq), then 
ce =m (mod pq). If ¢ = m* (mod pq), then we have 


= (m*)*" =m’ (mod pq). 
Since k’ is the multiplicative inverse of k in Z(,~1)(4~1), there is an integer / 
such that kk’ = I(p—1)(q— 1) +1, and so 
mi = mle-DG-) +1 — (m?*)'"9-D m, 
If m is not a multiple of p, then Fermat's Little Theorem implies that ‘Thus, in particular, m 4 0. 
m?~! = 1 (mod p), which gives 


m* =m (mod p), 


a congruence which also holds if m is a multiple of p (including the zero 
multiple). Similarly, 


m*® =m (mod q). 
Hence m**’ — m is divisible by p and by q, and so by their product pq, This follows by Remark 1 on 
since p and q are primes. Thus page 29. 

ct’ = m**" = m (mod pq), 
as required. 
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The remainder of this section 
will not be assessed. 


38 


CHAPTER D2 NUMBER THEORY 


Activity 4.3 Deciphering an RSA cipher 


An RSA cipher is defined on Z;; by 
Ro;(m) =m" (mod 55). 
(a) Determine the multiplicative inverse of 27 in Z4o. 
(b) A message was enciphered by Ry; to give the ciphertext 
(9,5). 
What was the message? 
Solutions are given on page 44. 


The calculations above do not indicate why RSA ciphers are so significant. 
Notice, however, that in order to apply the formula R,(m) = m* (mod pq) 
the encipherer needs to know the values of the product pq and the 
exponent /, but does not need to know the values of p and q. Indeed, for 
large primes p and q it may be extremely difficult to factorise pq, taking 
years of computer effort if pq is, say, several hundred digits long. Thus the 
encipherer will be unable to find p and q, except by luck, and so unable to 
find k’ which is needed for deciphering. On the other hand, the 
calculations involved in using an RSA cipher with such large numbers are 
feasible on suitably programmed machines. 


All this means that a person P, who wishes to receive enciphered messages 
that cannot be deciphered by anyone else, can choose large primes p and q, 
find k with multiplicative inverse k’ in Z(p—1)(q~1) using Euclid’s algorithm, 
and then make public the values of k and the product N = pq. To encipher 
a message to P, any other person represents their message as a sequence of 
(large) integers in Zy, by using the blocking technique described earlier in 
this section, and then enciphers these integers with the function defined by 


R,(m) = m* (mod N), 


evaluated by the repeated squares method. Only P knows the value of k’, 
so only P can decipher such messages using Ry! = Ry. 


The RSA cipher is an example of a so-called public-key cipher, for 
which the enciphering process can be made public without betraying the 
deciphering process. The existence of such ciphers creates the possibility of 
each person (and each organisation) publishing their own RSA cipher, 
which can be used to send them private messages, funds, and so on. 


This possibility raises many issues of great significance, not least of which 
is the displeasure of governments, who may prefer to be able to monitor 
the activities of their citizens while keeping their own activities ‘secure’. 
Indeed, there has already been controversy about the publication of certain 
public-key ciphers. On the other hand, there is a great incentive to 
researchers in number theory to find ever better algorithms to factorise 
large numbers, in order to facilitate the breaking of RSA ciphers. There is 
even the possibility that a more efficient algorithm may be found to 
decipher an RSA cipher, without the need for factorisation. Anyone finding 
such an algorithm should expect a large amount of interest to be shown in 
their work! 
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Summary of Section 4 


In this section you have seen how number theory plays an unexpected role 
in modern methods of cryptography. 


Exercises for Section 4 


Exercise 4.1 

Decipher each of the following pieces of ciphertext. 

(a) (15, 28,5, 2), which was enciphered using the multiplicative cipher 
M,y(m) = 13 X39 m on Zyo. 

(b) (25,13, 19), which was enciphered using the exponential cipher 
Ex5(m) = m*® (mod 37) on Zg7. 

(c) (26,30, 4, 12,9, 24,26), which was enciphered using the RSA cipher 
Ri3(m) = m' (mod 33) on Zs. 

In each case the English alphabet is represented as follows. 
A|B|C| ore [X|¥|z 
1/273] ga [24 | 25 | 26 


Note that the multiplicative inverses needed for this exercise were all 
calculated in Exercise 3.1. 
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5 Number theory and Mathcad 
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Ca) 


In this section, you have the opportunity to develop your understanding of 
the concepts in this chapter, to check some of your earlier calculations, and 
also to try out the methods with much larger numbers than your 
calculator can handle. 


The computing work for this chapter uses Mathcad to: 


° 
° 


° 


° 
° 
° 


calculate the quotient and remainder in the Division Algorithm; 
calculate the remainders on division by n of a sequence of powers a‘, 
I pan By 

calculate the remainders on division by n of a power a* using the 
repeated squaring algorithm; 

generate addition and multiplication tables for Z,,; 

calculate multiplicative inverses, using Euclid’s Algorithm; 

factorise large numbers and also multiply large numbers. 


Refer to Computer Book D for the work in this section. 


Summary of Chapter D2 


In this chapter you acquired some techniques of number theory and 
applied some of its basic results. In particular you have seen the 
application of Fermat’s Little Theorem in cryptography. 


Learning outcomes 


You have been working towards the following learning outcomes. 


Terms to know and use 


Division Algorithm, quotient, remainder, divisible by n, divisor, factor, 
congruent modulo n, congruence, modulus, digit sum, alternating digit 
sum, common factor, coprime, multiplicative inverse, Buclid’s Algorithm, 
cipher, messagetext, ciphertext, additive cipher, key, multiplicative cipher, 
exponential cipher, RSA cipher. 


Terms to be aware of 


Theorem, lemma, corollary, counter-example, commutative operation, 
associative operation, star polygon, cryptography, cryptanalyst, encipher, 
decipher, Caesar’s cipher, discrete logarithm, public-key cipher. 


Notation to know and use 
a=b(mod n), a#b(mod n), a=b=e(mod n), Zn, tn: Xn- 


Mathematical skills 
© Apply the Division Algorithm (Theorem 1.1). 
© Follow the use of Properties of Congruence (Theorem 1.2). 
© Find remainders on division of large numbers by: 
3,9,11; 2,4,8,...5; 6,12; 7,13. 
© Construct tables for +, and x,, for Z,, and describe patterns therein. 


© Use Euclid’s Algorithm to find the multiplicative inverse of an element 
in Z,. 


© Follow the development of Theorem 3.1. 


© Use Fermat's Little Theorem (Theorem 3.2) to find remainders of 
powers modulo p. 


© Use additive, multiplicative, exponential and RSA ciphers to encipher 
a message and to decipher a ciphertext. 
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Solutions to Activities 


Solution 1.1 


There is no need to use q = floor(a/n) if you can ‘see’ 


how the division of a by n works out. 
(a) Here 77=8x9+5, so 
q=8 and r=5. 


(b) Here 
q = floor(—100/11) = floor(—9.0909...) = —10, 
so 

r =—100—(—10) x 11=10. 
(c) Here 
q = floor(987 654 321/8) = floor(123.456 790.1... 
= 123.456 790, 
80 
r = 987654 321 — 123 456 790 x 8 = 1, 
Solution 1.3 


We can write 
a=pn+r, 

where p and r are integers with 0 <r <n. 

Since a — 6 is a multiple of n, we can write 
a—b=kn, 

where k is an integer. 

Eliminating a from these equations, we obtain 
b=a—kn=(pn+r)—kn=(p—k)n+r. 


Because p — k is an integer, it follows from the 
Division Algorithm that 6 also has remainder r on 
division by n. 


Solution 1.4 
(a) True (b) False (c) True 
(d) True (e) True (f) True 
Solution 1.5 


Since equations (1.2) hold, we deduce, by 
subtraction, that 


(a—b) —(c—d) =kn-In, 
that is, 
(a—c) —(b—d) =(k—Un, 


and this implies that a — c = 6 — d (mod n), since 
k —Lis an integer. 


42 


Solution 1.7 
We obtain 


15! = 15 (mod 55), 

15° = 225 = 5 (mod 55), 
15* = 5? = 25 (mod 55), 
15° = 25? = 20 (mod 55), 
15'° = 20? = 15 (mod 55). 


Since 19 = 1+ 2+ 16, we obtain 


15! = 15! x 15? x 15" (mod 55) 
= 15 x 5 x 15 (mod 55) 
= 1125 = 25 (mod 55), 


as required, 


Solution 2.5 


(a) 


(b 


This number is divisible by 2 and, from 
Activity 2.1, is congruent to 2 modulo 3, Hence, 
by congruence (2,2), rg = —4 (mod 6), so the 
remainder on division by 6 is rg = 2. 


This number is congruent to 2 modulo 3 and, 
from Activity 2.4, is divisible by 4. Hence, by 
congruence (2.3), riz = 8 (mod 12), so the 
remainder on division by 12, is rig = 8. 


Solution 2.7 


(a) 


On division by 7, the remainders are: 


6 | 341 | 723 | 110 | 832 | 864 
6{ 5 [2] 5 | 6 | 3 (mod7) 


and their alternating sum is 
3-64+5-2+5-6=-1. 


Hence the number is congruent to —1 modulo 7, 
and so gives remainder 6 on division by 7. 


On division by 13, the remainders are: 


6 | 341 | 723 | 110 | 832 | 864 
6] 3 8 6 0 6 (mod 13) 


and their alternating sum is 
6-0+6-8+3-6=1. 


Hence the number gives remainder 1 on division 
by 13. 


Solution 3.1 


(a) 
(b) 


3, 1,4, 6, 2 
1, 0, 3, 2,4 


Solution 3.2 
(a) +5 | OU 23k +6 | 0! D2 3) 4 § 
0/0 1 2:3 4 0/012 3 45 
1j)/1 2340 Pld 2 3 4 5. 0 
2123401 2/2345 01 
3.)'3 4 0 1 2 3/3 4501 2 
4}40123 4/4 5 0 T 2°'S 
me Wood W Qe 8: “a 
(b) The most striking pattern is that each row is 


obtained from the one above by shifting the 
entries one place to the left, moving entries 
which drop off the left end to the right end. In 
particular, the entries in each ‘uphill’ diagonal of 
a table are constant. 


This pattern arises because if you increase the 
row number by 1 and decrease the column 
number by 1, then the corresponding sum 
remains the same. 


One consequence of this pattern is that the 
addition table is symmetric under reflection in 
its main ‘downhill’ diagonal. This symmetry of 
the table reflects the fact that, for all a and b 
in Zn, 


at+b=b+a, 

80 
atnb=b+na. 

Solution 3.3 

(a) x5/0 1.2.8 4 xe|0 1 2 304 5 
o0};0 000 0 OL 10 Oi 105 0" 0) 70! 
10h tae 1j/0 123465 
2iliOy ea TS: 21024024 
3/0 3 1 4 2 3 0: 3: 10'S) 0 3 
4|04 321 4/0 42 0 4 2 

6|/0 543 21 


(b) 


(c) 


There seems to be no striking overall pattern of 
the type seen in the addition tables. 


However they are symmetric under a reflection 
in the main ‘downhill’ diagonal because, for all 
a,bin Z,, 


axb=bxa, 
so 
ax, b=bxya. 


(There are other symmetries of the tables 
obtained by omitting row 0 and column 0, which 
you may like to investigate.) 


It appears that a non-zero row (or column) of 
the multiplication table for Z,, includes all the 
numbers from Z,, if and only if the row (or 
column) number has no factors in common 
with n, other than 1. For example, in the table 
for Zs, rows 1 and 5 include all of Zs, but the 
other rows do not, 


SOLUTIONS TO ACTIVITIES 


Solution 3.4 


Using the definition of +, and Theorem 1.2(d), we 
obtain 


+n (b +n ¢) =a+(b+n c) (mod n) 
=a+(b+c) (mod n). 
Similarly, 
(a+nb) +n 
and so the associativity of +,, follows from that of 
ordinary addition: a + (b+ ce) =(a+6) +c. 
Solution 3.5 
(a) 1, 2, 4, 5, 7and 8 are coprime with 9. 


(a+b) +e (mod n), 


(b) The multiplication table for Zy confirms that 
rows 1, 2, 4, 5, 7 and 8 include the whole of Zo, 
whereas rows 0, 3 and 6 do not. 


lW 2.9 S46 87 8 

ojo 00000000 
= Dera ee 66 tg 
=e ie ee ee 

slo ¢ 6 0 3 6 6-3 6 
+ @10 @ 88728 1 5 
+- 5/08 169 7 3 8 4 

6/06 3063063 
+ ¥lo 5 818 64 2 
+ £10 8 % 6 # 4.92 3 
Solution 3.6 


(a) Using the Division Algorithm repeatedly (until 
remainder 1 appears): 


12=1x7+5 
T=1x5+2 
5=2x2+1. 

Eliminating multiples of 2 and 5: 
1=5-2x2 
=5-2(7-1%x5) 
=-2x74+3x5 
=-2x7+3(12-1x7) 
=3x12-5x7. 

Hence 


7x (-5) = 12 x (—3) +1, 


so 7 x (—5) = 1 (mod 12), and thus the 
multiplicative inverse of 7 in Zy) is —5 + 12 = 7. 


(b) Using the Division Algorithm repeatedly: 
26=2x9+8 
9=1x8+1. 


Eliminating multiples of 8: 


1=9-1x8 
=9-1% (26-2 9) 
=-1x 264+3x9. 
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Hence 
3x9=1% 2641, 


so 3x 9=1 (mod 26), and thus the 
multiplicative inverse of 9 in Zag is 3. 


Solution 3.7 

(a) By Fermat's Little Theorem, with p= 19 and 
a = 3, we know that 3!8 = 1 (mod 19). Hence 
the remainder is 1, 


(b) By (a) and ‘Theorem 1.2, 


35% = gi8x3+1 = (319)8 x 3= 1° x 3=3 (mod 19), 


Hence the remainder is 3. 


(c) First 16=5 
By Fermat's Little Theorem, with p= 11 and 
a= 5, we know that 5!° = 1 (mod 11). 
Therefore 


16! = 5193 = (519)10 x 59 
=1x 125 =4 (mod 11), 


Hence the remainder is 4. 


Solution 4.1 
(a) Using the Division Algorithm repeatedly: 


26=3x7+5 
T=1x5+2 
§=2x2+1. 


Eliminating multiples of 2 and 5: 


1=5-2x2 

=5-2(7-1x5) 

=-2x7T4+3x5 

=-2x 7+3(26-—3 x7) 

=3x 26-11 x 7. 
Hence 


-11x7=-3 x 26+1, 
and since —11 = 15 (mod 26), the multiplicative 
inverse of 7 in Zg6 is 15. 


The message is deciphered by applying 
Mz" (c) = Mis(c) = 15 x26 ¢. Thus we need to 
find 

Mj5(10) = 15 x26 10 = 20, 

Mj5(1) = 15 X96 1 = 15, 

Mj5(14) = 15 X96 14 = 2, 

M,;(9) = 15 x26 9 =5, 

M)5(22) = 15 xg6 22 = 18, 

Mj5(20) ='15 X26 20 = 14. 


Hence the messagetext is 


(20, 15, 2,5, 15, 18, 14, 15, 20, 20, 15, 2,5). 


(mod 11), so 161° = 5'°8 (mod 11). 


This represents 
‘TOBEORNOTTOBE’ 
in the English alphabet. 


Solution 4.2 
(a) Since 28 = 9 x 3+ 1, we have 


—9x3=-1x28+1, 
so 
~9 x 3 = 1 (mod 28) 


and hence —9 + 28 = 19 is the multiplicative 
inverse of 3 in Zs. 


To decipher the message we find Fy9(8) and 
Ey9(9). Since 


3?" 
8?” (mod 29) 


81 | 8? | 8 | 38 gle 
8 [6] 7] 20] 23 


we obtain 
gt? = 8! x 8? x 8! =8 x 6 x 23 = 2 (mod 29), 

so Fyy(8) = 2. Similarly 
9?" 91 | 9? | 94 | 98 | 98 

9" (mod 29) | 9 | 23] 7 | 20] 23 


9! x 9? x 9! = 9 x 23 x 23 = 5 (mod 29), 


so Ey9(9) = 5. Hence the deciphered message is 
(2,5), which would represent ‘BE’ in the English 
alphabet. 


Solution 4.3 


(a) Using the Division Algorithm repeatedly: 


(b 


40 =1 x 27413 
27=2x13+1. 
Eliminating the multiple of 13: 
1=27-2x13 
= 27 — 2(40 — 1 x 27) 
=-2 x 4043 x 27. 


Hence 3 x 27 = 2 x 40 + 1, so the multiplicative 
inverse of 27 in Z4g is 3. 


To decipher the message, we find R3(9) and 
R3(5): 


9° = 729 = 14 (mod 55) 
and 
5° = 125 = 15 (mod 55). 


Hence the deciphered message is (14,15), which 
would represent ‘NO’ in the English alphabet. 


Solutions to Exercises 


Solution 1.1 
(a) Repeated multiplication by 4 gives the following 
table. 
4n [4° | at | 4? | 4 | at | 48 


(mod li)[1[4]s[o[s]i 


Hence 


4" = 1 (mod 11), whenever k is a multiple of 5, 


80 
4 = 4? x 4! =5 x 1 =5 (mod 11), 


Thus the remainder is 5. 


(b) Repeated multiplication by 8 gives the following 
table, 
gn 8° | g! | g2 | 83 | 84] 85 | 8% 
8” (mod 25) 14} 12 | 21 19 
87 | 88 | 89 | gl? 
16] 3 | 24 
Thus the remainder is 24. 
(Note the possible shortcut here: 
89 = 8° x 8° = 18 x 18 = 324 = 24 (mod 25).) 
Solution 1.2 
(a) Repeated squaring gives 


a" 44 | 45 
#" (mod 11) | 4] 5] 3] 9 
so 
4! = 4% x 48 =3 x 9 = 27 =5 (mod 11). 
As expected, the remainder is 5. 
(b) Repeated squaring gives 
a2" 
8?" (mod 25) 


38t | 38 
14 | 21 


so 


81° = 8? x 8° = 14 x 16 = 224 = 24 (mod 25). 


As expected, the remainder is 24. 


Solution 2.1 


In each case, the positive integer a has the same 


remainder as that of its final digit. These remainders 
are the same because the difference between a and its 


final digit is divisible by each of 2, 5 and 10. (For 
example, 112973 — 3 = 112970, which is divisible by 
2, 5 and 10.) 


Solution 2.2 


In each case, we use r, to denote the remainder on 
division by n. 


(a) m2 =1 
(b) The digit sum is 53 = 17 x 3+ 2, so ry = 2. 
(c) The number formed from the last two digits is 
53, and 53 = 13 x 4+1, sory =1. 
(a) r5 =3 
(e) r¢ = 3r2 — 2rg =3—4 = —1 (mod 6), so rg =5. 
(f) The required remainders are as follows. 
5 | 2. 612 | 009 | 721 | 753 
5} 6 | 3] 2 | 0 | 4 (mod7) 
Hence r7 = 4-—0+2-—3+6-—5= 4 (mod 7), so 
rz =4, 
(g) The number formed from the last 3 digits is 753, 
and 753 = 94 x 8+1, so rg = 1. 
(h) The digit sum is 53 = 5 x 9 +8, so rg = 8. 
(i) mo =3 
(j) The alternating digit sum is 24 — 29 = —5, so 
ry =6. 
(k) m2 = 4r3 — 3ryg = 8 —3 =5 (mod 12), so 
ro = 5, 
Solution 2.3 
(a) Ifa has remainder rz on division by 2 and rz on 
division by 7, then 
a=2q3+r2 and a=T7q7+717, 
where q2 and q; are the respective quotients. We 
now manipulate these two equations to obtain a 
on the left-hand side and multiples of g2 and q7 
which are divisible by 14 on the right-hand side: 
a=Ta—6a 
= 7(2q2 + r2) — 6(7G7 + 17) 
= (14qo — 4297) + (7r2 — 6r7) 
= 14(q2 — 397) + (Tra — Gr). 
Thus a = 7rg — 6r7 (mod 14), and hence 
14 = 7r2 — Gr7 (mod 14). 
(b) In Exercise 2.2, r2 = 1 and rz = 4, so 


m4 =7x1-—6x4=—17 (mod 14), 


80 M4 = 11. 
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Solution 3.1 
(a) Using the Division Algorithm repeatedly: 
30=2x13+4 
13=3x4+1. 
Eliminating multiples of 4: 
1=13-3x4 
= 13 — 3(30— 2 x 13) 
=7x 13-3 x 30. 
Hence 7 x 13 = 3 x 30+ 1, so the multiplicative 
inverse of 13 in Zgo is 7. 
(b) Using the Division Algorithm repeatedly; 
36=1% 25+11 
25=2x11+3 
W=3x3+2 
3=1xK2+1. 
Eliminating multiples of 2, 3 and 11: 
1=3-1x2 
3-(11-3x3) 
—11+4x3 
—11 + 4(25 — 2 x 11) 
4x25-9x11 
=4 x 25 — 9(36 — 1 x 25) 
=-9 x 36+ 13 x 25. 


Hence 13 x 25 = 9 x 36 + 1, so the multiplicative 
inverse of 25 in Ze is 13. 


(c) Using the Division Algorithm repeatedly: 


20=1x13+7 
13=1x7+6 
7T=1x6+1. 
Eliminating multiples of 6 and 7: 
1=7-1x6 
=7-(13-1x 7) 
=-13+2x7 
= -13 + 2(20—1 x 13) 
=-3x134+2x 20. 
Hence —3 x 13 = —2 x 20 + 1, and since 


—3 =17 (mod 20), the multiplicative inverse of 
13 in Zoo is 17. 


Solution 3.2 


(a) By Fermat’s Little Theorem, 5'* = 1 (mod 13), 
so 


576 = (512)? x 5? = 25 = 12 (mod 13). 


Hence the remainder is 12. 
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(b) 


First 41 = 3 (mod 19), so 414! = 
By Fermat’s Little Theorem, 3" 
80 


41 (mod 19), 
=1(mod 19), 


41% = (3'8)? x 3° 
= 3° =27x9=8 x 9=72=15 (mod 19). 


Hence the remainder is 15. 


Solution 4.1 


(a) 


(b) 


By Exercise 3.1(a), the multiplicative inverse of 
13 in Zyo is 7, 50 My,' = My. Thus we need to 
find 


M;(15) = 7 X30 15 = 15, 
which gives ‘O’; 
M;(28) = 7 X30 28 = 16, 
which gives ‘P’; 
M;(5) = 7 X30 5 =5, 
which gives ‘E’; 
M;(2) = 7 xg 2= 14, 
which gives ‘N’. 
Thus the message was ‘OPEN’. 
By Exercise 3.1(b), the multiplicative inverse of 
25 in Zyg is 13, 80 By,’ = E13. Thus we need to 
find 
Ey3(25), Fig(13), E1g(19). 
Repeated squaring gives 
252" | 251 | 25? | 254 | 258 
252" (mod 37) | 25 | 33 | 16 | 34 


and so 
E43(25) = 25! 
= 25! x 254 x 25° 
= 25 x 16 x 34 
= 30 x 34 = 21 (mod 37), 


which gives *U’. 
Repeated squaring gives 
is?” | 131 | 13? | 134 | 138 
13?” (mod 37) | 13 | 21 34 | 9 
and so 
F,3 = 13" 
= 13! x 13* x 13° 
= 13x 34x 9 
35 x 9 = 19 (mod 37), 


which gives ‘S’, 


(c) 


Repeated squaring gives 
19?" | 191 | 19? | 194 | 198 
19?” (mod 37) | 19 | 28 i | 12 
and so 
E\3(19) 


= 198 
= 19" x 19% x 19° 
=19 7 x 12 = 22 x 12 = 5 (mod 37), 
which gives ‘E’. 
Thus the message was ‘USE’. 
Note that 33 = 3 x 11, so with p=3 and q= 11 
we obtain (p —1)(q—1) = 20. Thus, to find the 
inverse function for the RSA cipher Rig on Z33, 
we need to determine the multiplicative inverse 


of 13 in Zo9. By Exercise 3.1(c), we know this to 
be 17, so Ry;! = Riz. Thus we need to find 


Ri7(26), Ry7(30), Ri7(4), Riz(12), Ri7(9), Riz (24). 


SOLUTIONS TO EXERCISES 


Repeated squaring gives 
26?” | 26+ | 26? | 264 | 268 | 261° 
26?" (mod 33) | 26 | 16 | 25 | 31 | 4 
and so 
Riz(26) = 267 
= 26! x 26'° = 26 x 4=5 (mod 33), 


which gives ‘E’. 
In the same way, we find that 
Ry7(30) = 24, Ryz(4) = 16, Ryz(12) = 12, 
Riz(9) = 15, Ry7(24) = 18, 
and so the message was ‘EXPLORE’. 
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